New duplicate action in core is not linked to permissions

[helloDanuk]

The new duplicate action is a handy tool, but it causes problems depending on permissions and roles. Take a look at this example:

You have two collections 'pages' and 'events' and an editor role. The editor has permissions to…

• create and delete entries in the 'events' collection and manage their public state too → Duplicate actions makes sense
• only edit existing pages/entries in the 'pages' collection, but not to manage their public state, create new or delete entries → Since anyone can duplicate entries regardless of their role, the duplicate action leads to inconsistent options. Editors can duplicate entries as they wish, but they can not control their publish status or delete them again.

As a conclusion the duplicate actions should be available as an option in the permissions panel. You could choose per collection basis which role can duplicate entries. And what applies to collections should also be possible for asset containers, taxonomies, etc.

[jasonvarga]

I think it should just be tied to the 'create new entries' permission.

[helloDanuk]

Agreed, this is even easier.